Important Changes to Mashape Authorization Keys

What?

In our effort to improve the way keys are handled in Mashape, we have changed the naming and more importantly the way keys are used in Mashape. This is an important change so we recommend that you read on.

When?

Where?

After receiving feedback regarding the trouble and complexity of generating an authorization hash from your Mashape private and public keys, we decided to change and improve the way these keys are interpreted and generated. One of the problems that arose from generating a hash is when someone intercepts it. It will compromise your Mashape account in its entirety, leaving all your API access open to anyone who may have intercepted the hash.

How?

To address this problem, we have removed the requirement to generate any hash. Instead there will be two main keys for you to manage:

Universal key Testing – used for testing and will have access to every API

Restricted keys Production- used in production, and can be restricted to consume only a specified group of APIs. (In theory, you can create one restricted key for each API).

Both Testing and the Production keys can be re-generated anytime.

Where?

Below are the areas in Mashape where you will see the changes:

Client library (Ruby example below):

Ruby client library

Dashboard

Mashape dashboard

Keystore panel

Keystore Panel

Client library download

Client library download

Where did my Public and Private Mashape keys go?

To ensure a smooth transition, your original Public and Private keys will still work in your applications. We would however recommend that you start using the new Universal and Restricted keys moving forward.

We would love to hear your feedback. Please email us at support@mashape.com for any comments and suggestions.